Practice Free IIA-CIA-Part2 Exam Online Questions
Question #71
Due to a recent system upgrade, an audit is planned to test the payroll process.
Which of the following audit objectives would be most important to prevent fraud?
- A . Verify that amounts are correct.
- B . Verify that payments are on time.
- C . Verify that recipients are valid employees.
- D . Verify that benefits deductions are accurate.
Correct Answer: C
Question #72
Which of the following engagements is likely to be most appropriate for an organization that is planning an acquisition?
- A . A performance engagement.
- B . A system security engagement.
- C . A due diligence engagement.
- D . A compliance engagement.
Correct Answer: C
C
Explanation:
Due diligence engagements are crucial when planning an acquisition, as they evaluate the financial, operational, and legal aspects of the target entity. This ensures informed decision-making and minimizes acquisition risks. Performance engagements (Option A) focus on efficiency and
effectiveness of operations, while system security engagements (Option B) and compliance engagements (Option D) do not address the comprehensive assessment required for acquisitions. The CIA syllabus emphasizes due diligence as a specialized type of consulting engagement (Part 2: Section II).
C
Explanation:
Due diligence engagements are crucial when planning an acquisition, as they evaluate the financial, operational, and legal aspects of the target entity. This ensures informed decision-making and minimizes acquisition risks. Performance engagements (Option A) focus on efficiency and
effectiveness of operations, while system security engagements (Option B) and compliance engagements (Option D) do not address the comprehensive assessment required for acquisitions. The CIA syllabus emphasizes due diligence as a specialized type of consulting engagement (Part 2: Section II).
Question #73
According to the Standards, which of the following is least important in determining the adequacy of an annual audit plan?
- A . Sufficiency.
- B . Appropriateness.
- C . Effective deployment.
- D . Cost effectiveness.
Correct Answer: D
Question #74
According to IIA guidance, which of the following statements is true regarding the authority of the chief audit executive (CAE) to release previous audit reports to outside parties?
- A . The CAE can release prior internal audit reports with the approval of the board and senior management.
- B . The CAE can employ judgment and release prior audit results as they deem appropriate and necessary.
- C . The CAE can only release prior information outside the organization when mandated by legal or statutory requirements.
- D . The CAE can release prior information provided it is as originally published and distributed within the organization.
Correct Answer: B
Question #75
An internal auditor has been assigned to facilitate a risk and control self-assessment for the finance group.
Which of the following is the most appropriate role that she should assume when facilitating the workshop?
- A . Express an opinion on the participants’ inputs and conclusions as the assessment progresses.
- B . Provide appropriate techniques and guidelines on how the exercise should be undertaken.
- C . Evaluate and report on all issues that may be uncovered during the exercise.
- D . Screen and vet participants so that the most appropriate candidates are selected to participate in the exercise.
Correct Answer: B
Question #75
An internal auditor has been assigned to facilitate a risk and control self-assessment for the finance group.
Which of the following is the most appropriate role that she should assume when facilitating the workshop?
- A . Express an opinion on the participants’ inputs and conclusions as the assessment progresses.
- B . Provide appropriate techniques and guidelines on how the exercise should be undertaken.
- C . Evaluate and report on all issues that may be uncovered during the exercise.
- D . Screen and vet participants so that the most appropriate candidates are selected to participate in the exercise.
Correct Answer: B
Question #77
According to IIA guidance which of the following represents sufficient information?
- A . Information that is factual adequate and convincing
- B . Information that is best attainable through the use of appropriate engagement techniques
- C . Information that supports engagement objectives and recommendations
- D . Information that helps the organization meet its goals
Correct Answer: D
Question #78
How should an internal auditor approach preparing a detailed risk assessment during engagement planning?
- A . Complete the risk assessment independently to prevent conflicts of interest with the function being reviewed.
- B . Work with external auditors to ensure that the risk assessment includes items reflected on the independent auditor’s report.
- C . Work with management of the function being reviewed, as management would be most familiar with the business objectives and related risks.
- D . Consult with the compliance department, which typically has a more comprehensive view of the organization.
Correct Answer: C
C
Explanation:
When preparing a detailed risk assessment during engagement planning, the internal auditor should collaborate with the management of the function being reviewed. Management has the most in-depth knowledge of their business objectives, processes, and the associated risks. This cooperation ensures that the risk assessment is comprehensive, accurate, and relevant to the specific context of the function under review. It also helps in identifying any potential areas of concern that might not be evident to external parties.
Reference: IIA Standard 2201: "Planning Considerations"
IIA Practice Guide: "Assessing the Adequacy of Risk Management Processes"
C
Explanation:
When preparing a detailed risk assessment during engagement planning, the internal auditor should collaborate with the management of the function being reviewed. Management has the most in-depth knowledge of their business objectives, processes, and the associated risks. This cooperation ensures that the risk assessment is comprehensive, accurate, and relevant to the specific context of the function under review. It also helps in identifying any potential areas of concern that might not be evident to external parties.
Reference: IIA Standard 2201: "Planning Considerations"
IIA Practice Guide: "Assessing the Adequacy of Risk Management Processes"
Question #79
Following an audit, management developed an action plan to improve controls over the handling of scrap metal.
Which of the following would be the most appropriate course of action for the auditor to follow up?
- A . Conduct another audit engagement to ensure all risks related to the sales of scrap metal have been mitigated.
- B . Ensure new procedures have been documented, approved, and distributed to the employees responsible.
- C . Perform retesting to confirm that new procedures address the previously identified deficient control activities.
- D . Analyze the new procedures, then report to senior management whether the associated risks have been managed.
Correct Answer: C
C
Explanation:
After management has implemented an action plan to improve controls, the most appropriate follow-up action for the auditor is to perform retesting. Retesting involves verifying that the new procedures are effective in addressing the control deficiencies identified during the initial audit .
Detailed Explanation
IIA Standard 2500 C Monitoring Progress:
This standard requires the internal audit activity to monitor and ensure that management actions have been implemented and are working as intended. Retesting is a critical component of this process because it confirms that the new controls effectively mitigate the risks.
Importance of Retesting:
Retesting allows the auditor to verify that the specific control activities, which were previously found to be deficient, have been corrected. This hands-on approach provides direct evidence of the effectiveness of the new procedures.
IIA Practice Advisory 2500-1:
The advisory emphasizes the need for follow-up activities to include retesting when necessary to confirm that management’s actions have resolved the issues identified.
Why Not Other Options?
Option A (Conduct another audit): Conducting a completely new audit might be excessive; follow-up and retesting are sufficient to confirm the effectiveness of the corrective actions.
Option B (Ensure procedures are documented): Documentation is important, but it does not confirm that the procedures are actually effective.
Option D (Analyze procedures and report to management): Analysis is useful, but retesting provides direct verification of effectiveness.
Conclusion: Option C is correct because retesting confirms that the new procedures effectively address the previously identified deficiencies, ensuring that the risks have been mitigated as intended, in line with IIA guidance.
C
Explanation:
After management has implemented an action plan to improve controls, the most appropriate follow-up action for the auditor is to perform retesting. Retesting involves verifying that the new procedures are effective in addressing the control deficiencies identified during the initial audit .
Detailed Explanation
IIA Standard 2500 C Monitoring Progress:
This standard requires the internal audit activity to monitor and ensure that management actions have been implemented and are working as intended. Retesting is a critical component of this process because it confirms that the new controls effectively mitigate the risks.
Importance of Retesting:
Retesting allows the auditor to verify that the specific control activities, which were previously found to be deficient, have been corrected. This hands-on approach provides direct evidence of the effectiveness of the new procedures.
IIA Practice Advisory 2500-1:
The advisory emphasizes the need for follow-up activities to include retesting when necessary to confirm that management’s actions have resolved the issues identified.
Why Not Other Options?
Option A (Conduct another audit): Conducting a completely new audit might be excessive; follow-up and retesting are sufficient to confirm the effectiveness of the corrective actions.
Option B (Ensure procedures are documented): Documentation is important, but it does not confirm that the procedures are actually effective.
Option D (Analyze procedures and report to management): Analysis is useful, but retesting provides direct verification of effectiveness.
Conclusion: Option C is correct because retesting confirms that the new procedures effectively address the previously identified deficiencies, ensuring that the risks have been mitigated as intended, in line with IIA guidance.
Question #80
Which of the following factors would the auditor in charge be least likely to consider when assigning tasks to audit team members for an engagement?
- A . The amount of experience the auditors have conducting audits in the specific area of the organization.
- B . The availability of the auditors in relation to the availability of key client staff.
- C . Whether the budgeted hours are sufficient to complete the audit within the current scope.
- D . Whether outside resources will be needed, and their availability.
Correct Answer: C